N00b Firewall/VPN question

By brandonban6
Hello Guys,

I'm fairly green on the topic of server administration, so I had a couple of beginner questions I was hoping to get some help with.

I have a small business with 4 or 5 people who VPN in to a central server running Win Server 2003.

I followed your guide here: which proved to be an excellent article!

However, in regards to the "basic firewall" operation, how do I add an exception for RDP? Before the VPN setup, the server was set up so that RDP was possible via the public IP address. After I set up the VPN with the basic firewall, I could no longer RDP in with the public IP; if I disable the firewall, I'm back in business. Can I enable the firewall and just add an exception?

Should I choose another method other than RDP, something like VNC?

Thank you for your time!


All Answers


I'm not sure what firewall you're talking about, but

by Snuffy09 In reply to N00b Firewall/VPN questio ...

they are all pretty much configured the same way...

Sourceip:port > Destinationip:port

You want to allow port 3389 (Windows Remote Desktop) to the computer you want your user to be able to connect to. To make it more secure you can only allow your user's public IP address, so nobody else from the internet can try to break in to your RDP tunnel.

So in your firewall config:

allow IP:ANY (or use your user's public IP address)
Destination (or port forward address): a computer on your LAN you want to be remotely managed.

For the user to connect from home you need to have them type in the public IP address of your domain.

from work go to
They will need to enter this IP in their remote desktop app from home.

Tip(s): Don't use 2 firewalls; if you're using a hardware firewall at the top of your LAN architecture, disable your workstation firewalls.

Using Windows Remote Desktop (3389) will lock the workstation being logged into. You will not be able to see what the user is doing, and only an Administrator will be able to unlock the workstation.

Using VNC (5900) will not lock the workstation and you will be able to see everything on the screen that the user is doing.
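The "source ip:port > destination ip:port" rule model and the source-address restriction described in the reply above, as an added example that is not from this thread: a small first-match rule evaluator that lets you check what a rule set admits before you commit it to the firewall. The addresses are constructed documentation-range values, and the LAN host and rule layout are assumptions, not anything from the poster's setup.

```python
# Added example (not from the thread): a minimal model of ordered
# "source ip:port > destination ip:port" firewall rules, used to check
# what a rule set admits before deploying it. First matching rule wins;
# anything that matches no rule is dropped (default deny).
# Addresses are constructed RFC 5737 documentation ranges.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str            # "allow" or "deny"
    src: str               # "any" or an address/CIDR
    dst: str               # "any" or an address/CIDR
    dport: Optional[int]   # None means any destination port

def _match(spec: str, ip: str) -> bool:
    """True if ip is inside spec ('any', a host address, or a CIDR)."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first rule matching the packet, else 'deny'."""
    for r in rules:
        if _match(r.src, src_ip) and _match(r.dst, dst_ip) and r.dport in (None, dport):
            return r.action
    return "deny"

# Assumed LAN host that is to be managed over RDP (constructed value).
LAN_HOST = "192.168.1.10"
# Rule set 1: the "IP:ANY" option from the reply. Every internet source reaches 3389.
OPEN_RDP = [Rule("allow", "any", LAN_HOST, 3389)]
# Rule set 2: restricted to the remote user's public address, as the reply recommends.
RESTRICTED_RDP = [Rule("allow", "203.0.113.10/32", LAN_HOST, 3389)]

def check() -> dict:
    """Evaluate both rule sets against the home user, a stranger, and a VNC attempt."""
    home_user, stranger = "203.0.113.10", "198.51.100.77"
    return {
        "open_home": evaluate(OPEN_RDP, home_user, LAN_HOST, 3389),
        "open_stranger": evaluate(OPEN_RDP, stranger, LAN_HOST, 3389),
        "restricted_home": evaluate(RESTRICTED_RDP, home_user, LAN_HOST, 3389),
        "restricted_stranger": evaluate(RESTRICTED_RDP, stranger, LAN_HOST, 3389),
        "restricted_vnc": evaluate(RESTRICTED_RDP, home_user, LAN_HOST, 5900),  # 5900 not opened
    }

if __name__ == "__main__":
    for name, verdict in check().items():
        print(f"{name}: {verdict}")
```

The restricted set still admits the home user on 3389 but drops the stranger and drops VNC on 5900, which is exactly the difference between the two options in the reply.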

by tmalo627 In reply to N00b Firewall/VPN questio ...

Both of these have their advantages depending on your needs. I use both in different situations. I use RDP when I just need to view something or change a setting on a remote computer. VNC has the ability to transfer files from one computer to another. So if that's what I need, that's what I use.

That being said, the previous poster was right about RDP using port 3389. If you need to open up the usage of VNC, you need to open port 5900. In either case, allow that port to be open for traffic from the WAN to your LAN.
